Learning About the Adversary

Learning About the Adversary

Nadeem, A. (TU Delft Cyber Security)
Verwer, S.E. (TU Delft Cyber Security)
Yang, Shanchieh Jay (Rochester Institute of Technology)

Kott, Alexander (editor)

2023

The evolving nature of the tactics, techniques, and procedures used by cyber adversaries have made signature and template based methods of modeling adversary behavior almost infeasible. We are moving into an era of data-driven autonomous cyber defense agents that learn contextually meaningful adversary behaviors from observables. In this chapter, we explore what can be learnt about cyber adversaries from observable data, such as intrusion alerts, network traffic, and threat intelligence feeds. We describe the challenges of building autonomous cyber defense agents, such as learning from noisy observables with no ground truth, and the brittle nature of deep learning based agents that can be easily evaded by adversaries. We illustrate three state-of-the-art autonomous cyber defense agents that model adversary behavior from traffic induced observables without a priori expert knowledge or ground truth labels. We close with recommendations and directions for future work.

Adversary behavior
machine learning
behavior modeling
intrusion alerts
statistical models

http://resolver.tudelft.nl/uuid:d7c718ef-8ba6-4a35-93b2-40843fdef64f

https://doi.org//10.1007/978-3-031-29269-9_6

Springer

2023-12-04

978-3-031-29268-2

Autonomous Intelligent Cyber Defense Agent (AICA): A Comprehensive Guide, 87 (1)

Advances in Information Security, 1568-2633

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Institutional Repository

book chapter

© 2023 A. Nadeem, S.E. Verwer, Shanchieh Jay Yang